markwilson.it

No more FeedBlitz for markwilson.it updates

Posted on Saturday 14 November 2015Saturday 14 November 2015 By Mark Wilson

This content is 9 years old. I don't routinely update old blog posts as they are only intended to represent a view at a particular point in time. Please be warned that the information here may be out of date.

I’ve offered email subscriptions on this blog for years now, initially using FeedBlitz, then FeedBurner and also via WordPress.com. Ironicially, given that FeedBurner is now owned by Google, it’s FeedBlitz that I’m least happy with – primarily because of the poor quality adverts that it wraps around my content.

For this reason, I’m going to be switching off the FeedBlitz feed over the next few days. I’ll contact every existing subscriber on the FeedBlitz feed, before switching them over to the WordPress-powered subscription, but thought it appropriate to post an update on the site as well.

It’s great to know that people still read the content I create – you can always subscribe to the RSS feed or for email updates via WordPress.com or using the Subscriptions section on the right hand side of the blog homepage.

Thanks for your continued support.

Banish passwords and unlock your PC with Windows Hello

Posted on Friday 13 November 2015Friday 13 November 2015 By Mark Wilson

Passwords are so old-fashioned. And insecure. Often, after a high profile website hack we’re asked to change our passwords because most people use the same password for multiple services. So, what’s the answer? Well, not using the same password for multiple sites might be one solution but that leads to problems with remembering passwords (which is why I use a password manager). Others think the solution lies in biometrics (and I’d certainly consider that as a second factor).

Windows 10 has an interesting new feature called Windows Hello. Rather than relying on a password, or a PIN (which is ultimately the same thing, once it’s been hashed…), Hello uses facial recognition to determine whether you can have access to a PC or not – and I’ve been testing it for a few weeks now.

Actually, we have two PCs in our house that can use Windows Hello: my wife’s Lenovo E550 (using the fingerprint reader or optional 3D camera); and the Lenovo B50 All-in-one PC I have on loan also includes the 3D camera that is required for facial recognition (iris readers will soon be available too). And in case you’re reading this and getting worried about a copy of your face being shared around the Internet, Hello’s facial recognition uses infra-red technology with the camera to capture data points (a kind of graph of your face) rather than a picture itself and the data never leaves the PC (where it is stored in encrypted form – you can read more in Microsoft’s Windows Hello privacy FAQ). In essence, you have possession of a device; you unlock it with your face (or other biometrics); and then Windows Hello authenticates on your behalf but your biometric information is never transferred.

I was a bit confused at first to find that Hello was not available on the B50, until I discovered that the OOTB drivers were not up to the task – once I’d installed the Intel RealSense Depth Camera Manager (DCM) drivers, Windows was happy to learn how my face looks and Windows Hello jumped into life.

“So, what’s it actually like to use?”, you might ask.

Setup is just a case of following a wizard to let Windows recognise your face and after that it’s really, really straightforward.

Windows Hello setup - welcome! Windows Hello setup - make sure it's you Windows Hello setup - say cheese! Windows Hello setup - all set! Windows 10 sign-in options, including Windows Hello

Just make sure you look directly at the PC (no slurping a cuppa whilst waiting for it to recognise you).

Playing with Windows Hello #PrettyCool #Windows10 pic.twitter.com/O2V7dgNIJI

— Mark Wilson (@markwilsonit) September 22, 2015

Sometimes the camera takes a while to wake up when the PC resumes from standby (a driver issue, I expect – they seem to be under constant iteration) but in general it seems pretty reliable. It seems to cope well with varying lighting conditions too – whether I have a full ceiling light on, daylight from the window, or a little desk lamp; and I’ve moved offices since I originally set it up – that doesn’t seem to make a difference either. And there’s no problem with variations in the amount of facial hair I’m wearing on any given day. Apparently, even identical twins don’t fool it…

Logging on to my PC with little more than a wiggle of a mouse (to wake it up) and a stare is great… it’s a shame I’ll have to give the PC back soon.

Apple finally recognises European consumer laws

Posted on Monday 9 November 2015Monday 9 November 2015 By Mark Wilson

Back in 2012, I wrote about my poor experiences with Apple and consumer law. I wasn’t alone either – the comments on that post showed that others had similar issues, including taking Apple to the small claims court…

…for that reason, I was surprised last Friday to hear a “Genius” in my local Apple Store telling someone they had two years cover for their device under EU consumer law. That was particularly interesting as I’d just been quoted £94 for a new 1TB hard disk in my own Mac which was 367 days old at the time! (I had corrected the Genius by saying a) that my call was logged with Apple Support whilst the device was less than a year old and b) that’s about twice what a 1TB 2.5″ SATA HDD should cost at current market prices). In my case, it was a genuine mistake, but I did ask about the “2 years European Consumer Law” cover that had been quoted to the other customer.

Well, it seems that a while ago (possibly around 2013, based on copyright notice for the leaflet I was given), Apple finally recognised that their warranty cover didn’t comply with European consumer legislation. Apple’s UK Statutory Warranty page details what’s available under the Apple On-Year Limited Warranty, under European Consumer Law, and with an AppleCare Protection Plan. Significantly:

“Under consumer laws in the UK, consumers are entitled to a free of charge repair or replacement, discount or refund by the seller, of defective goods or goods which do not conform with the contract of sale. For goods purchased in England or Wales, these rights expire six years from delivery of the goods and for goods purchased in Scotland, these rights expire five years from delivery of the goods.”

It may be late, but it’s good to see Apple finally recognises European consumer laws.

The impact of Microsoft’s changes to OneDrive storage quotas on Office 365 plans

Posted on Thursday 5 November 2015Thursday 5 November 2015 By Mark Wilson

Earlier this week, Microsoft announced some changes to its consumer cloud storage product, OneDrive (with more details in this FAQ).

Microsoft Reneges on Unlimited OneDrive Storage Promise – https://t.co/J9PUpkVeBj pic.twitter.com/Oy2A8YcSH4

— Paul Thurrott (@thurrott) November 3, 2015

Whilst the changes to OneDrive storage quotas are disappointing for some users, that’s life – you don’t get much that’s genuinely free and Microsoft clearly wasn’t making money on OneDrive.

What I find more disappointing is that Microsoft has created a real mess, after so much positive publicity in the new cloud-first, mobile-first Microsoft that Satya Nadella is leading. And it’s not about the products – the marketing guys are to blame here. First of all, there was nothing on the Office blogs about this – the announcement is on a separate OneDrive blog. Then that announcement refers to “Office 365 consumer subscribers”. So, as one person commented on the Office 365 Yammer network:

“Oh Microsoft what were you thinking with your poorly articulated and conceived change to OneDrive? https://blog.onedrive.com/onedrive_change . What a mess! Now people are emailing me and asking when they will lose space on their OneDrive and I have to explain ‘not that OneDrive this OneDrive’ and ‘not that Office 365 this Office 365′”

As well as two OneDrive products (OneDrive and OneDrive for Business, although sometimes with a unified client) and two Skype products (Skype and Skype for Business, again becoming more integrated but not quite there) we now seem to have the marketing teams talking about two sets of Office 365 subscription plans (Office 365 consumer and Office 365 business).

Anyway… setting aside some dubious product naming decisions, a retrenchment from “unlimited” storage (we all know what unlimited means to marketing departments… and surely it can be managed with an acceptable use policy if it’s being used to extremes) and some mightily annoyed end users who are about to see a drop in their OneDrive storage, what does this actually mean for Office 365 customers? I heard one MVP announce that Microsoft was reducing the amount of storage in Office 365 – and, unless we’re talking about an Office 365 Home, Personal, or University subscriber, that’s simply not the case.

Well, if you have an Office 365 consumer subscription, you still get 1TB of storage (per user – so with my family of 4 users on Office 365 Home, that’s potentially 4TB of storage) and, if you have an Office 365 business subscription, then the unlimited storage was never rolled out (at least not on any tenant I’ve seen) – although at the time of writing it is still on the Office 365 Roadmap as “in development” (I do expect that to change, although I haven’t seen any announcements from Microsoft).

In essence, it seems “unlimited” is a terabyte. Which may not be what the Oxford English Dictionary defines as the meaning of unlimited but is still a huge uplift on any file shares I’ve ever seen provisioned to end users!

fscked-up Mac: creating a backup in OS X single user mode

Posted on Saturday 31 October 2015Monday 2 November 2015 By Mark Wilson

11 months and 3 weeks after I bought it, my Mac Mini started playing up… I suppose I should be grateful that it’s just before the Apple warranty ends, not just after (although I did buy from Solutions Inc., who offer a 2 year warranty as standard… although they’ve told me it could take a month for repairs, so to try Apple first!).

First up, I noticed issues when copying files to a folder. It said the files already existed but they weren’t in the directory listing. Then, I noticed that the Mac was switched off when it shouldn’t be. I powered it back on, only to find it got part way through booting (black screen with an Apple logo) and powered itself down. A corrupted file system and potentially flaky hard disk was my first thought… swiftly followed by “when was my last backup?”.

I started to work through Lex Freidman (@lexfri)’s Macworld tutorial on when good Macs go bad: steps to take when your Mac won’t start up, only to find that my Bluetooth keyboard wasn’t much help for Command-key combinations at bootup time (thankfully I had an Apple USB keyboard in the loft). Using Disk Utility to verify the disk confirmed some file system errors but a repair failed to fix them… so on to booting into single user mode and fsck -fy.

My problems only started after I upgraded OS X (the article is written for Mountain Lion) – I’m running Yosemite/10.10.5 (by the way, sw_vers -productVersion helped with that) – and I have a feeling all Disk Utility had been running under the covers was fsck but, regardless, it couldn’t fix my file system either…

** /dev/rdisk0s2
** Root file system
Executing fsck_hfs (version hfs-285).
** Checking Journaled HFS Plus volume.
The volume name is Macintosh HD
** Checking extents overflow file.
** Checking catalog file.
Incorrect block count for file coreduetd.db-wal
(It should be 698 instead of 587)
Missing thread record (id = 2396638)
Invalid extent entry
(4, 16638)
Missing thread record (id = 2539257)
Invalid extent entry
(4, 22174)
Invalid extent entry
(4, 22174)
Invalid extent entry
(4, 22174)
Invalid extent entry
(4, 22174)
Incorrect block count for file 2015-05-29 18.44.00.jpg
(It should be 1939 instead of 134219675)
Invalid extent entry
(4, 22174)
Invalid extent entry
(4, 22174)
Invalid extent entry
(4, 22174)
Invalid extent entry
(4, 22174)
Invalid extent entry
(4, 22174)
Incorrect block count for file 2015-05-29 19.04.41.jpg
(It should be 2448 instead of 526736)
Invalid extent entry
(4, 53125)
Invalid extent entry
(4, 53125)
Missing thread record (id = 136756985)
Incorrect number of thread records
(4, 21015)
** Checking multi-linked files.
** Checking catalog hierarchy.
Missing thread record (id = 2539257)
Missing thread record (id = 2585438)
Invalid volume file count
(It should be 1144777 instead of 1144780)
** Checking extended attributes file.
Incorrect number of extended attributes
(It should be 875596 instead of 875596)
Incorrect number of Access Control Lists
(It should be 1619 instead of 1620)
Overlapped extent allocation (id = 1479061, /private/var/db/CoreDuet/coreduetd.db-wal)
** Checking volume bitmap.
Volume bitmap needs minor repair for under-allocation
** Checking volume information.
Invalid volume free block count
(It should be 43923570 instead of 47674177)
Volume header needs minor repair
(2, 0)
** Repairing volume.
GetCatalogRecord: No matching catalog record found
FixBadExtent: Could not get catalog record for fileID 2924329
** The volume Macintosh HD could not be repaired.

So, onto that backup…

This is where Nestor Urquiza’s post (Mac OSX not booting? Make a backup from single user mode first) helped enormously. I decided not to touch my normal backups for this job and bought a new disk instead (a 1TB Seagate Backup Plus Slim was £50 in Currys – only a fraction more expensive than in the usual online locations) but the drive is pre-formatted using NTFS so I shrunk the volume in Windows Disk Management, then created a new simple volume in the free space with a single partition. This was formatted as exFAT (as ExFAT and NTFS were the only available options) and I ejected the disk from my PC and plugged it into the Mac (still in single-user mode), which responded with:

USBMSC Identifier (non-unique): 0x00000000 0xbc2 0xab24 0x100, 3

ls -l /dev/disk* told me that this was disk1

brw-r—– 1 root operator 1, 0 Oct 30 18:02 /dev/disk0
brw-r—– 1 root operator 1, 3 Oct 30 18:02 /dev/disk0s1
brw-r—– 1 root operator 1, 2 Oct 30 18:02 /dev/disk0s2
brw-r—– 1 root operator 1, 1 Oct 30 18:02 /dev/disk0s3
brw-r—– 1 root operator 1, 4 Oct 30 22:31 /dev/disk1
brw-r—– 1 root operator 1, 5 Oct 30 22:31 /dev/disk1s1
brw-r—– 1 root operator 1, 6 Oct 30 22:31 /dev/disk1s2

fstyp /dev/disk1d1 confirmed the NTFS partition:

ntfs

whilst fstyp /dev/disk1d2 returned:

msdos

That’s the ticket! A couple more commands and I had a read/write file system and a directory to mount the external disk in

mount -uw /
mkdir /extdrive

but then it all ground to a halt:

mount -t msdos /dev/disk1s2 /extdrive

mount_msdos: Unsupported sector size (0)

I had a suspicion that ExFAT was the issue here so, as Windows 2000 and later will only format FAT32 up to 32GB (although the file system supports larger volumes), I used a third party utility (the GUI version of FAT32Format created by Ridgecrop Consultants and as described by Matthew Nawrocki). Once the drive was reformatted as FAT32 instead of ExFAT, it mounted without any issues on the Mac.

I wrote a couple of test files… then started the bulk copies…

cp -r /Users/mark/Downloads /extdrive/
cp -r /Users/mark/Desktop /extdrive/
etc.

Finally, when all files were copied, I unmounted the USB drive (and checked I could read the files on another PC):

umount /extdrive

At the time of writing, I still need to get my Mac fixed. I guess I’ll be making an appointment to see a “genius” at my local Apple Store but at least I have a backup if the disk is swapped out or wiped. Actually, I got nervous about using FAT32 for my Mac backups, so I’m currently re-running the process with an HFS-formatted disk (using my old MacBook to create the volume)… and using a slightly-amended cp command for a verbose output and to preserve the file metadata:

cp -pRv /Users/mark/Pictures/2015 /extdrive/

I suspect there may be more blog posts to follow as this story develops…

Up to 22% discount on Office 365 Home subscriptions

Posted on Sunday 18 October 2015Monday 12 October 2015 By Mark Wilson

A few weeks ago, I wrote about Office 365 Home, which allows me to get the latest version of Microsoft Office on up to 5 PCs/Macs, 5 tablets and 5 phones. Originally, I took out a one month free trial, after which it becomes a monthly subscription at £7.99.

If you pay annually, you can get 2 months free. Add that to the one month free trial and by my calculations that’s a 22% discount on Office 365 in year 1 and 16% in subsequent years.

Beware though, if you make a payment too early in your trial period, the free trial ends immediately.

I also found that, when I went to renew, the price was in US Dollars (although that might actually have been cheaper, before credit card charges, etc.). I contacted Microsoft support, who were happy to make the required changes on my account from monthly to annual renewal.

Restricting access to Yammer

Posted on Thursday 15 October 2015Tuesday 13 October 2015 By Mark Wilson

A few days ago, Matt Ballantine wrote about Enterprise Social Media and the need to focus on building an audience:

Internal communications people can fall into the trap of believing that what they produce is content rather than advertising. Internal communications appears to be the only form of direct marketing to which there is no legal right to opt out.

The challenge then with Enterprise Social Networks, especially when they are treated as an internal media channel, is that if all you are pushing out is advertising (and yes, the latest interview with the CEO about the next 5 year strategy is advertising) you are trying to build an audience on marketing alone.

So, cue Yammer, Microsoft’s Enterprise Social Networking product, purchased a few years ago and slowly being integrated into Office 365…

As I wrote back in July, Yammer comes in two flavours:

Yammer Basic is a bit like the wild west – users sign up with their corporate email accounts and a network is formed, using company resources, but over which the company has no control.
Yammer Enterprise is a paid product, included in certain Office 365 Enterprise subscriptions, which provides a level of administrative control.

Yammer tile from Office 365 But, here’s the gotcha – once you activate Yammer on your Office 365 subscription, a Yammer tile will appear on the Office 365 App Launcher and you have no way to turn it off.

I was recently working with a customer who had activated Yammer on their domains (to shut down the anarchy of Yammer Basic) but who wasn’t ready to start using the product yet (going back to Matt’s point about building an audience – i.e. launching the platform in a controlled manner, with appropriate business sponsorship and support).

Disabling logon to Yammer

With a Yammer tile in Office 365 but no way to turn it off, I was left looking at options for restricting access to Yammer:

Use block lists to prevent users from logging on. That doesn’t scale and would be an administrative nightmare, so it’s not really a credible option.
Disable Yammer in ADFS using a claims transformation rule (more information on TechNet). This would have been a nice idea except that Yammer SSO is deprecated since support for Office 365 authentication was introduced (it’s still supported, but not being developed). Denying access to Yammer on the Office 365 Identity Platform relying party trust meant that I also denied access to other Office 365 services!
Use PowerShell to modify user licences except that doesn’t work – changes to the YAMMER_ENTERPRISE plan do not have any effect.
Use Yammer’s logical firewall to block access based on IP address (thanks to Steve Rush for the suggestion). This is a bit crude but it works – just make sure there is a range for which access is allowed, so you can still get in and administer the network when you are ready to start using it!

Blocking access to Yammer via IP - end user experience

Lync client does not retrieve conversation history and meeting information from Exchange

Posted on Wednesday 14 October 2015Wednesday 30 September 2015 By Mark Wilson

In addition to the challenges created by the unified contacts store, my recent Office 365 migration project saw some issues where a user’s Lync/Skype for Business client failed to pick up a change in Exchange Web Services (EWS) as part of the move to Skype for Business Online.

The reason for this is unclear but I’m not the only one who’s experienced it – Richard Brynteson describes exactly the same scenario where, after a migration from an on-premises Exchange mailbox to Exchange Online, the Lync 2013 client is unable to connect to the Exchange server and pull conversation history and meeting information.

If we looked at the configuration information for the Lync client (by Ctrl+right clicking on the Lync taskbar icon), we could see that the client was not autodiscovering the move to Exchange Online and still showed on-premises Exchange details, instead of a blank EWS Internal URL and an entry of https://outlook.office365.com/EWS/Exchange.asmx/WSSecurity for the EWS External URL.

One suggestion given to me to force a new autodiscovery search was to wipe the user’s cached client information (in %appdata%\Local\Microsoft\Office\15.0\Lync\sip_alias@domainname.tld). That sounded a little destructive but Richard’s post suggests removing a single registry key: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Lync\username@domainname.tld\Autodiscovery.

Even better though is the solution from a comment on Richard’s blog post, from “Chad”:

We’ve resolved this by having users sign out of Lync and then choose “Delete my sign-in info”, then just sign back in and their Lync client now connects to 365. We provide this as post-migration steps to users once we move their mailboxes to 365. Hope that helps and is typically easier than deleting [registry] entries.

That’s a much more user-friendly fix (which worked for me) – and it’s one to add to the project FAQ list.

Unified Contact Store requires Lync user to be migrated to Office 365 before Exchange mailbox

Posted on Tuesday 13 October 2015Tuesday 29 September 2015 By Mark Wilson

In a recent Office 365 project, I came across an issue where, if we migrated a user’s Exchange 2013 mailbox to Exchange Online before we migrated their Lync 2013 user to Skype for Business Online, the Move-CsUser cmdlet generated an error:

Move-CsUser: Exception of type ‘Microsoft.Rtc.Management.AD.Helpers.RollbackException’ was thrown

This is described in Camille de Bay’s blog post and appears to be related to the Unified Contact Store, which is enabled by default with Lync 2013 and Exchange 2013. There appear to be two options:

Migrate Lync before Exchange
Use the -force switch with the Move-CsUser cmdlet (which will result in a loss of contacts)

Dave Stork goes on to describe some issues with a combination of the UCS, Lync on-premises and Exchange Online (and these appeared to apply to my Lync 2013/Skype for Business Online hybrid solution too).

Microsoft knowledge base article 2614614 has lots more information on integrating Exchange Online with Skype for Business Online, Lync Server 2013, or a Lync Server 2013 hybrid deployment

Tools for troubleshooting Outlook autodiscover

Posted on Monday 12 October 2015Tuesday 13 October 2015 By Mark Wilson

In my post last week about Office 365 and proxy servers, I mentioned issues with Outlook autodiscover. These were not exactly easy to troubleshoot, often with multiple subject matter experts looking from different angles (network, client applications, Exchange, firewalls, etc.). During the process, we used a few tools (as well as examining the traffic hitting the proxy servers) and I thought I’d highlight them here (if only for my own future reference):

The obvious starting point is the Outlook Autodiscover tests on the Microsoft Remote Connectivity Analyzer (RCA). I was using the Office 365 version but one of the other SMEs working on the issues suggested that the Exchange version is a better test as it doesn’t have hard coded addresses in it – your mileage my vary.
Next up are some handy tests built into Outlook: Ctrl+right click on the Outlook icon in the task bar and you’ll see various tools including Connection Status and Test Email Auto-Configuration. I’ve written about these before… although they’re worth mentioning again!
Outlook logging is another option (although it doesn’t create the olkdisc.log file in Outlook 2013). More details are in Microsoft knowledge base article 2862843.
Kip Ng’s standalone autodiscover test tool (autodiscovertest.exe) is very useful when you can’t get network access to the RCA. Michel de Rooij summarises it in his post and there’s more information in Kip’s post.
Finally, EWS Editor is a useful tool for testing Exchange Web Services, including troubleshooting Autodiscover.